A buffer overflow bug was found by Dean Brettle in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine.
The updated packages have been patched to correct these issues.